MaxTrade contains a flaw that allows remote SQL injection attacks. Input passed to the "categori" and "stranica" parameters in "pocategories.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
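A hardened form of this kind of handler, as an added example that is not MaxTrade's code: it validates both parameters as integers and binds them through PDO placeholders. Only the parameter names "categori" and "stranica" come from the advisory; the table, columns, function names, page size and the assumption that both parameters are numeric (category id and page number) are hypothetical.

```php
<?php
// Hypothetical handler: schema and function names are assumptions,
// only the parameter names "categori" and "stranica" come from the advisory.
const PER_PAGE = 2;

// Returns the parameter as a positive int, $default if absent, null if invalid.
function read_int(array $query, string $name, int $default): ?int
{
    if (!isset($query[$name])) {
        return $default;
    }
    // FILTER_VALIDATE_INT yields false for anything that is not a plain integer
    // (including arrays such as categori[]=1).
    $value = filter_var($query[$name], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

function list_products(PDO $db, array $query): ?array
{
    $category = read_int($query, 'categori', 1);
    $page     = read_int($query, 'stranica', 1);
    if ($category === null || $page === null) {
        return null; // caller should answer with HTTP 400 and log the request
    }
    // Placeholders keep request values out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT name FROM products WHERE category_id = :cat ORDER BY id LIMIT :lim OFFSET :off'
    );
    $stmt->bindValue(':cat', $category, PDO::PARAM_INT);
    $stmt->bindValue(':lim', PER_PAGE, PDO::PARAM_INT);
    $stmt->bindValue(':off', ($page - 1) * PER_PAGE, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, category_id INTEGER, name TEXT)');
$db->exec("INSERT INTO products (category_id, name) VALUES (1,'a'),(1,'b'),(1,'c'),(2,'d')");

// Well-formed request: second page of category 1.
var_dump(list_products($db, ['categori' => '1', 'stranica' => '2']));
// Constructed non-integer value: rejected before any query is prepared.
var_dump(list_products($db, ['categori' => '1 OR 1=1', 'stranica' => '1']));
```

Validation and parameter binding are independent layers here: the bound statement stays safe even if the integer check is later relaxed.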